KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > servicemix > soap > handlers > security > BaseCrypto


1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 package org.apache.servicemix.soap.handlers.security;
18
19 import java.io.ByteArrayInputStream JavaDoc;
20 import java.io.InputStream JavaDoc;
21 import java.math.BigInteger JavaDoc;
22 import java.security.InvalidAlgorithmParameterException JavaDoc;
23 import java.security.KeyStore JavaDoc;
24 import java.security.KeyStoreException JavaDoc;
25 import java.security.MessageDigest JavaDoc;
26 import java.security.NoSuchAlgorithmException JavaDoc;
27 import java.security.NoSuchProviderException JavaDoc;
28 import java.security.PrivateKey JavaDoc;
29 import java.security.PublicKey JavaDoc;
30 import java.security.cert.CertPath JavaDoc;
31 import java.security.cert.CertPathValidator JavaDoc;
32 import java.security.cert.CertPathValidatorException JavaDoc;
33 import java.security.cert.Certificate JavaDoc;
34 import java.security.cert.CertificateEncodingException JavaDoc;
35 import java.security.cert.CertificateException JavaDoc;
36 import java.security.cert.CertificateFactory JavaDoc;
37 import java.security.cert.PKIXParameters JavaDoc;
38 import java.security.cert.TrustAnchor JavaDoc;
39 import java.security.cert.X509Certificate JavaDoc;
40 import java.security.interfaces.RSAPublicKey JavaDoc;
41 import java.util.ArrayList JavaDoc;
42 import java.util.Arrays JavaDoc;
43 import java.util.HashSet JavaDoc;
44 import java.util.Iterator JavaDoc;
45 import java.util.List JavaDoc;
46 import java.util.Set JavaDoc;
47 import java.util.Vector JavaDoc;
48
49 import org.apache.ws.security.WSSecurityException;
50 import org.apache.ws.security.components.crypto.Crypto;
51 import org.apache.ws.security.components.crypto.X509NameTokenizer;
52
53 public abstract class BaseCrypto implements Crypto {
54
55     private static final String JavaDoc SKI_OID = "2.5.29.14";
56     
57     private String JavaDoc provider;
58     private CertificateFactory JavaDoc certFact;
59     private String JavaDoc defaultX509Alias;
60
61     /**
62      * @param defaultX509Alias the defaultX509Alias to set
63      */
64     public void setDefaultX509Alias(String JavaDoc defaultX509Alias) {
65         this.defaultX509Alias = defaultX509Alias;
66     }
67
68     /**
69      * @return the provider
70      */
71     public String JavaDoc getProvider() {
72         return provider;
73     }
74
75     /**
76      * @param provider the provider to set
77      */
78     public void setProvider(String JavaDoc provider) {
79         this.provider = provider;
80     }
81
82     /**
83      * Return a X509 Certificate alias in the keystore according to a given Certificate
84      * <p/>
85      *
86      * @param cert The certificate to lookup
87      * @return alias name of the certificate that matches the given certificate
88      * or null if no such certificate was found.
89      */
90     public String JavaDoc getAliasForX509Cert(Certificate JavaDoc cert) throws WSSecurityException {
91         try {
92             String JavaDoc alias = getCertificateAlias(cert);
93             if (alias != null)
94                 return alias;
95             // Use brute force search
96 String JavaDoc[] allAliases = getAliases();
97             for (int i = 0; i < allAliases.length; i++) {
98                 Certificate JavaDoc cert2 = getCertificate(alias);
99                 if (cert2.equals(cert)) {
100                     return alias;
101                 }
102             }
103         } catch (KeyStoreException JavaDoc e) {
104             throw new WSSecurityException(WSSecurityException.FAILURE,
105                     "keystore");
106         }
107         return null;
108     }
109
110     /**
111      * Lookup a X509 Certificate in the keystore according to a given
112      * the issuer of a Certficate.
113      * <p/>
114      * The search gets all alias names of the keystore and gets the certificate chain
115      * for each alias. Then the Issuer fo each certificate of the chain
116      * is compared with the parameters.
117      *
118      * @param issuer The issuer's name for the certificate
119      * @return alias name of the certificate that matches the issuer name
120      * or null if no such certificate was found.
121      */
122     public String JavaDoc getAliasForX509Cert(String JavaDoc issuer) throws WSSecurityException {
123         return getAliasForX509Cert(issuer, null, false);
124     }
125
126     /**
127      * Lookup a X509 Certificate in the keystore according to a given
128      * SubjectKeyIdentifier.
129      * <p/>
130      * The search gets all alias names of the keystore and gets the certificate chain
131      * or certificate for each alias. Then the SKI for each user certificate
132      * is compared with the SKI parameter.
133      *
134      * @param skiBytes The SKI info bytes
135      * @return alias name of the certificate that matches serialNumber and issuer name
136      * or null if no such certificate was found.
137      * @throws org.apache.ws.security.WSSecurityException
138      * if problems during keystore handling or wrong certificate (no SKI data)
139      */
140     public String JavaDoc getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException {
141         Certificate JavaDoc cert = null;
142         try {
143             String JavaDoc[] allAliases = getAliases();
144             for (int i = 0; i < allAliases.length; i++) {
145                 String JavaDoc alias = allAliases[i];
146                 cert = getCertificateChainOrCertificate(alias);
147                 if (cert instanceof X509Certificate JavaDoc) {
148                     byte[] data = getSKIBytesFromCert((X509Certificate JavaDoc) cert);
149                     if (Arrays.equals(data, skiBytes)) {
150                         return alias;
151                     }
152                 }
153             }
154         } catch (KeyStoreException JavaDoc e) {
155             throw new WSSecurityException(WSSecurityException.FAILURE, "keystore");
156         }
157         return null;
158     }
159
160     /**
161      * Lookup a X509 Certificate in the keystore according to a given serial number and
162      * the issuer of a Certficate.
163      * <p/>
164      * The search gets all alias names of the keystore and gets the certificate chain
165      * for each alias. Then the SerialNumber and Issuer fo each certificate of the chain
166      * is compared with the parameters.
167      *
168      * @param issuer The issuer's name for the certificate
169      * @param serialNumber The serial number of the certificate from the named issuer
170      * @return alias name of the certificate that matches serialNumber and issuer name
171      * or null if no such certificate was found.
172      */
173     public String JavaDoc getAliasForX509Cert(String JavaDoc issuer, BigInteger JavaDoc serialNumber) throws WSSecurityException {
174         return getAliasForX509Cert(issuer, serialNumber, true);
175     }
176
177     /**
178      * Lookup a X509 Certificate in the keystore according to a given
179      * Thumbprint.
180      * <p/>
181      * The search gets all alias names of the keystore, then reads the certificate chain
182      * or certificate for each alias. Then the thumbprint for each user certificate
183      * is compared with the thumbprint parameter.
184      *
185      * @param thumb The SHA1 thumbprint info bytes
186      * @return alias name of the certificate that matches the thumbprint
187      * or null if no such certificate was found.
188      * @throws org.apache.ws.security.WSSecurityException
189      * if problems during keystore handling or wrong certificate
190      */
191     public String JavaDoc getAliasForX509CertThumb(byte[] thumb) throws WSSecurityException {
192         Certificate JavaDoc cert = null;
193         MessageDigest JavaDoc sha = null;
194         try {
195             sha = MessageDigest.getInstance("SHA-1");
196         } catch (NoSuchAlgorithmException JavaDoc e1) {
197             throw new WSSecurityException(0, "noSHA1availabe");
198         }
199         try {
200             String JavaDoc[] allAliases = getAliases();
201             for (int i = 0; i < allAliases.length; i++) {
202                 String JavaDoc alias = allAliases[i];
203                 cert = getCertificateChainOrCertificate(alias);
204                 if (cert instanceof X509Certificate JavaDoc) {
205                     sha.reset();
206                     try {
207                         sha.update(cert.getEncoded());
208                     } catch (CertificateEncodingException JavaDoc e1) {
209                         throw new WSSecurityException(
210                                 WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
211                                 "encodeError");
212                     }
213                     byte[] data = sha.digest();
214                     if (Arrays.equals(data, thumb)) {
215                         return alias;
216                     }
217                 }
218             }
219         } catch (KeyStoreException JavaDoc e) {
220             throw new WSSecurityException(WSSecurityException.FAILURE,
221                     "keystore");
222         }
223         return null;
224     }
225
226     /**
227      * Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate
228      * <p/>
229      * The search gets all alias names of the keystore and gets the certificate (chain)
230      * for each alias. Then the DN of the certificate is compared with the parameters.
231      *
232      * @param subjectDN The DN of subject to look for in the keystore
233      * @return Vector with all alias of certificates with the same DN as given in the parameters
234      * @throws org.apache.ws.security.WSSecurityException
235      *
236      */
237     public String JavaDoc[] getAliasesForDN(String JavaDoc subjectDN) throws WSSecurityException {
238         // Store the aliases found
239 Vector JavaDoc aliases = new Vector JavaDoc();
240         Certificate JavaDoc cert = null;
241         // The DN to search the keystore for
242 Vector JavaDoc subjectRDN = splitAndTrim(subjectDN);
243         // Look at every certificate in the keystore
244 try {
245             String JavaDoc[] allAliases = getAliases();
246             for (int i = 0; i < allAliases.length; i++) {
247                 String JavaDoc alias = allAliases[i];
248                 cert = getCertificateChainOrCertificate(alias);
249                 if (cert instanceof X509Certificate JavaDoc) {
250                     Vector JavaDoc foundRDN = splitAndTrim(((X509Certificate JavaDoc) cert).getSubjectDN().getName());
251                     if (subjectRDN.equals(foundRDN)) {
252                         aliases.add(alias);
253                     }
254                 }
255             }
256         } catch (KeyStoreException JavaDoc e) {
257             throw new WSSecurityException(WSSecurityException.FAILURE, "keystore");
258         }
259         // Convert the vector into an array
260 return (String JavaDoc[]) aliases.toArray(new String JavaDoc[aliases.size()]);
261     }
262
263     /**
264      * get a byte array given an array of X509 certificates.
265      * <p/>
266      *
267      * @param reverse If set the first certificate in the array data will
268      * the last in the byte array
269      * @param certs The certificates to convert
270      * @return The byte array for the certficates ordered according
271      * to the reverse flag
272      * @throws WSSecurityException
273      */
274     public byte[] getCertificateData(boolean reverse, X509Certificate JavaDoc[] certs) throws WSSecurityException {
275         Vector JavaDoc list = new Vector JavaDoc();
276         for (int i = 0; i < certs.length; i++) {
277             if (reverse) {
278                 list.insertElementAt(certs[i], 0);
279             } else {
280                 list.add(certs[i]);
281             }
282         }
283         try {
284             CertPath JavaDoc path = getCertificateFactory().generateCertPath(list);
285             return path.getEncoded();
286         } catch (CertificateEncodingException JavaDoc e) {
287             throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
288                     "encodeError");
289         } catch (CertificateException JavaDoc e) {
290             throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
291                     "parseError");
292         }
293     }
294
295     /**
296      * Singleton certificate factory for this Crypto instance.
297      * <p/>
298      *
299      * @return Returns a <code>CertificateFactory</code> to construct
300      * X509 certficates
301      * @throws org.apache.ws.security.WSSecurityException
302      *
303      */
304     public synchronized CertificateFactory JavaDoc getCertificateFactory() throws WSSecurityException {
305         if (certFact == null) {
306             try {
307                 if (provider == null || provider.length() == 0) {
308                     certFact = CertificateFactory.getInstance("X.509");
309                 } else {
310                     certFact = CertificateFactory.getInstance("X.509", provider);
311                 }
312             } catch (CertificateException JavaDoc e) {
313                 throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
314                         "unsupportedCertType");
315             } catch (NoSuchProviderException JavaDoc e) {
316                 throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
317                         "noSecProvider");
318             }
319         }
320         return certFact;
321     }
322
323     /**
324      * Gets the list of certificates for a given alias.
325      * <p/>
326      *
327      * @param alias Lookup certificate chain for this alias
328      * @return Array of X509 certificates for this alias name, or
329      * null if this alias does not exist in the keystore
330      */
331     public X509Certificate JavaDoc[] getCertificates(String JavaDoc alias) throws WSSecurityException {
332         try {
333             Certificate JavaDoc[] certs = getCertificateChain(alias);
334             if (certs != null && certs.length > 0) {
335                 List JavaDoc x509certs = new ArrayList JavaDoc();
336                 for (int i = 0; i < certs.length; i++) {
337                     if (certs[i] instanceof X509Certificate JavaDoc) {
338                         x509certs.add(certs[i]);
339                     }
340                 }
341                 return (X509Certificate JavaDoc[]) x509certs.toArray(new X509Certificate JavaDoc[x509certs.size()]);
342             }
343             // no cert chain, so lets check if getCertificate gives us a result.
344 Certificate JavaDoc cert = getCertificate(alias);
345             if (cert instanceof X509Certificate JavaDoc) {
346                 return new X509Certificate JavaDoc[] { (X509Certificate JavaDoc) cert };
347             }
348             return null;
349         } catch (KeyStoreException JavaDoc e) {
350             throw new WSSecurityException(WSSecurityException.FAILURE, "keystore");
351         }
352     }
353
354     public String JavaDoc getDefaultX509Alias() {
355         return defaultX509Alias;
356     }
357
358     public KeyStore JavaDoc getKeyStore() {
359         return null;
360     }
361
362     /**
363      * Gets the private key identified by <code>alias</> and <code>password</code>.
364      * <p/>
365      *
366      * @param alias The alias (<code>KeyStore</code>) of the key owner
367      * @param password The password needed to access the private key
368      * @return The private key
369      * @throws Exception
370      */
371     public abstract PrivateKey JavaDoc getPrivateKey(String JavaDoc alias, String JavaDoc password) throws Exception JavaDoc;
372
373     /**
374      * Reads the SubjectKeyIdentifier information from the certificate.
375      * <p/>
376      * If the the certificate does not contain a SKI extension then
377      * try to compute the SKI according to RFC3280 using the
378      * SHA-1 hash value of the public key. The second method described
379      * in RFC3280 is not support. Also only RSA public keys are supported.
380      * If we cannot compute the SKI throw a WSSecurityException.
381      *
382      * @param cert The certificate to read SKI
383      * @return The byte array conating the binary SKI data
384      */
385     public byte[] getSKIBytesFromCert(X509Certificate JavaDoc cert) throws WSSecurityException {
386         /*
387          * Gets the DER-encoded OCTET string for the extension value (extnValue)
388          * identified by the passed-in oid String. The oid string is represented
389          * by a set of positive whole numbers separated by periods.
390          */
391         byte[] derEncodedValue = cert.getExtensionValue(SKI_OID);
392         if (cert.getVersion() < 3 || derEncodedValue == null) {
393             PublicKey JavaDoc key = cert.getPublicKey();
394             if (!(key instanceof RSAPublicKey JavaDoc)) {
395                 throw new WSSecurityException(1, "noSKIHandling", new Object JavaDoc[] { "Support for RSA key only" });
396             }
397             byte[] encoded = key.getEncoded();
398             // remove 22-byte algorithm ID and header
399 byte[] value = new byte[encoded.length - 22];
400             System.arraycopy(encoded, 22, value, 0, value.length);
401             MessageDigest JavaDoc sha;
402             try {
403                 sha = MessageDigest.getInstance("SHA-1");
404             } catch (NoSuchAlgorithmException JavaDoc ex) {
405                 throw new WSSecurityException(1, "noSKIHandling", new Object JavaDoc[] { "Wrong certificate version (<3) and no SHA1 message digest availabe" });
406             }
407             sha.reset();
408             sha.update(value);
409             return sha.digest();
410         }
411         /*
412          * Strip away first four bytes from the DerValue (tag and length of
413          * ExtensionValue OCTET STRING and KeyIdentifier OCTET STRING)
414          */
415         byte abyte0[] = new byte[derEncodedValue.length - 4];
416         System.arraycopy(derEncodedValue, 4, abyte0, 0, abyte0.length);
417         return abyte0;
418     }
419
420     public X509Certificate JavaDoc[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException {
421         InputStream JavaDoc in = new ByteArrayInputStream JavaDoc(data);
422         CertPath JavaDoc path = null;
423         try {
424             path = getCertificateFactory().generateCertPath(in);
425         } catch (CertificateException JavaDoc e) {
426             throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
427                     "parseError");
428         }
429         List JavaDoc l = path.getCertificates();
430         X509Certificate JavaDoc[] certs = new X509Certificate JavaDoc[l.size()];
431         Iterator JavaDoc iterator = l.iterator();
432         for (int i = 0; i < l.size(); i++) {
433             certs[(reverse) ? (l.size() - 1 - i) : i] = (X509Certificate JavaDoc) iterator.next();
434         }
435         return certs;
436     }
437
438     /**
439      * load a X509Certificate from the input stream.
440      * <p/>
441      *
442      * @param in The <code>InputStream</code> array containg the X509 data
443      * @return An X509 certificate
444      * @throws WSSecurityException
445      */
446     public X509Certificate JavaDoc loadCertificate(InputStream JavaDoc in) throws WSSecurityException {
447         X509Certificate JavaDoc cert = null;
448         try {
449             cert = (X509Certificate JavaDoc) getCertificateFactory().generateCertificate(in);
450         } catch (CertificateException JavaDoc e) {
451             throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
452                     "parseError");
453         }
454         return cert;
455     }
456
457     /**
458      * Uses the CertPath API to validate a given certificate chain
459      * <p/>
460      *
461      * @param certs Certificate chain to validate
462      * @return true if the certificate chain is valid, false otherwise
463      * @throws WSSecurityException
464      */
465     public boolean validateCertPath(X509Certificate JavaDoc[] certs) throws WSSecurityException {
466         try {
467             // Generate cert path
468 java.util.List JavaDoc certList = java.util.Arrays.asList(certs);
469             CertPath JavaDoc path = this.getCertificateFactory().generateCertPath(certList);
470
471             // Use the certificates in the keystore as TrustAnchors
472 Set JavaDoc hashSet = new HashSet JavaDoc();
473             String JavaDoc[] aliases = getTrustCertificates();
474             for (int i = 0; i < aliases.length; i++) {
475                 Certificate JavaDoc cert = getCertificate(aliases[i]);
476                 if (cert instanceof X509Certificate JavaDoc) {
477                     hashSet.add(new TrustAnchor JavaDoc((X509Certificate JavaDoc) cert, null));
478                 }
479             }
480             PKIXParameters JavaDoc param = new PKIXParameters JavaDoc(hashSet);
481             // Do not check a revocation list
482 param.setRevocationEnabled(false);
483             // Verify the trust path using the above settings
484 CertPathValidator JavaDoc certPathValidator;
485             if (provider == null || provider.length() == 0) {
486                 certPathValidator = CertPathValidator.getInstance("PKIX");
487             } else {
488                 certPathValidator = CertPathValidator.getInstance("PKIX", provider);
489             }
490             certPathValidator.validate(path, param);
491         } catch (NoSuchProviderException JavaDoc ex) {
492                 throw new WSSecurityException(WSSecurityException.FAILURE,
493                                 "certpath", new Object JavaDoc[] { ex.getMessage() },
494                                 (Throwable JavaDoc) ex);
495         } catch (NoSuchAlgorithmException JavaDoc ex) {
496                 throw new WSSecurityException(WSSecurityException.FAILURE,
497                                 "certpath", new Object JavaDoc[] { ex.getMessage() },
498                                 (Throwable JavaDoc) ex);
499         } catch (CertificateException JavaDoc ex) {
500                 throw new WSSecurityException(WSSecurityException.FAILURE,
501                                 "certpath", new Object JavaDoc[] { ex.getMessage() },
502                                 (Throwable JavaDoc) ex);
503         } catch (InvalidAlgorithmParameterException JavaDoc ex) {
504                 throw new WSSecurityException(WSSecurityException.FAILURE,
505                                 "certpath", new Object JavaDoc[] { ex.getMessage() },
506                                 (Throwable JavaDoc) ex);
507         } catch (CertPathValidatorException JavaDoc ex) {
508                 throw new WSSecurityException(WSSecurityException.FAILURE,
509                                 "certpath", new Object JavaDoc[] { ex.getMessage() },
510                                 (Throwable JavaDoc) ex);
511         } catch (KeyStoreException JavaDoc ex) {
512                 throw new WSSecurityException(WSSecurityException.FAILURE,
513                                 "certpath", new Object JavaDoc[] { ex.getMessage() },
514                                 (Throwable JavaDoc) ex);
515         }
516
517         return true;
518     }
519
520     protected Vector JavaDoc splitAndTrim(String JavaDoc inString) {
521         X509NameTokenizer nmTokens = new X509NameTokenizer(inString);
522         Vector JavaDoc vr = new Vector JavaDoc();
523
524         while (nmTokens.hasMoreTokens()) {
525             vr.add(nmTokens.nextToken());
526         }
527         java.util.Collections.sort(vr);
528         return vr;
529     }
530     
531     protected Certificate JavaDoc getCertificateChainOrCertificate(String JavaDoc alias) throws KeyStoreException JavaDoc {
532         Certificate JavaDoc[] certs = getCertificateChain(alias);
533         Certificate JavaDoc cert = null;
534         if (certs == null || certs.length == 0) {
535             // no cert chain, so lets check if getCertificate gives us a result.
536 cert = getCertificate(alias);
537             if (cert == null) {
538                 return null;
539             }
540         } else {
541             cert = certs[0];
542         }
543         return cert;
544     }
545     
546     /*
547      * need to check if "getCertificateChain" also finds certificates that are
548      * used for enryption only, i.e. they may not be signed by a CA
549      * Otherwise we must define a restriction how to use certificate:
550      * each certificate must be signed by a CA or is a self signed Certificate
551      * (this should work as well).
552      * --- remains to be tested in several ways --
553      */
554      private String JavaDoc getAliasForX509Cert(String JavaDoc issuer, BigInteger JavaDoc serialNumber,
555                                         boolean useSerialNumber)
556              throws WSSecurityException {
557          Vector JavaDoc issuerRDN = splitAndTrim(issuer);
558          X509Certificate JavaDoc x509cert = null;
559          Vector JavaDoc certRDN = null;
560          Certificate JavaDoc cert = null;
561
562          try {
563              String JavaDoc[] allAliases = getAliases();
564              for (int i = 0; i < allAliases.length; i++) {
565                  String JavaDoc alias = allAliases[i];
566                  cert = getCertificateChainOrCertificate(alias);
567                  if (cert instanceof X509Certificate JavaDoc) {
568                      x509cert = (X509Certificate JavaDoc) cert;
569                      if (!useSerialNumber ||
570                              useSerialNumber && x509cert.getSerialNumber().compareTo(serialNumber) == 0) {
571                          certRDN = splitAndTrim(x509cert.getIssuerDN().getName());
572                          if (certRDN.equals(issuerRDN)) {
573                              return alias;
574                          }
575                      }
576                  }
577              }
578          } catch (KeyStoreException JavaDoc e) {
579              throw new WSSecurityException(WSSecurityException.FAILURE,
580                      "keystore");
581          }
582          return null;
583      }
584
585     protected abstract String JavaDoc[] getAliases() throws KeyStoreException JavaDoc;
586     
587     protected abstract Certificate JavaDoc[] getCertificateChain(String JavaDoc alias) throws KeyStoreException JavaDoc;
588     
589     protected abstract Certificate JavaDoc getCertificate(String JavaDoc alias) throws KeyStoreException JavaDoc;
590
591     protected abstract String JavaDoc getCertificateAlias(Certificate JavaDoc cert) throws KeyStoreException JavaDoc;
592     
593     protected abstract String JavaDoc[] getTrustCertificates() throws KeyStoreException JavaDoc;
594
595 }
596
Popular Tags